Yesterday, a very interesting article was published on the MISP blog by my friend Koen about a solution to monitor a MISP instance with Cacti. Monitoring your threat intelligence platform is always a good idea because many other tools depend on it. You can feed other tools with MISP data
Tag: monitoring
[SANS ISC] Security Monitoring: At Network or Host Level?
I published the following diary on isc.sans.edu: “Security Monitoring: At Network or Host Level?“: Today, to reach a decent security maturity, the keyword remains “visibility”. There is nothing more frustrating than being blind about what’s happening on a network or starting an investigation without any data (logs, events) to process.
Do Organizations Take Care of Their Online Presence?
For a few months now, my toy leakedin.com is back online. When I brought the website up again, a question immediately popped up in my mind: “How to protect myself against angry users or organizations not happy to see potentially sensitive data disclosed?“. The website compiles interesting data like credit
Monitor your Monitoring Tools
We (and I’m fully part of it) deploy and use plenty of security monitoring tools daily. As our beloved data is often spread across complex infrastructures or simply across multiple physical locations, we have to collect interesting information and bring them in a central place for further analysis. That’s called
Tracking Tweets in your SIEM
My previous post about monitoring pastebin.com within your SIEM gave ideas to some of you. On aftershell.com, you will find a fork of my script to monitor WordPress RSS feeds. If pastebin.com may contain relevant piece of information as well as blogs, do not underestimate the value of social networks!
Implementing Security Controls via Nagios
In my last post, I gave some inputs about the implementation of basic security. It can be increased by following simple rules and procedures. This was purely theoretical. So, I decided to continue on this topic and show you how basic security checks can be implemented without spending too much
Implementing Active Lists in OSSEC
The second OSSEC week just ended. Here is a reflection about a feature that does not exist (yet?) in OSSEC. The goal of a SIEM (“Security Incidents and Events Management“) is to collect logs from multiple non-heterogeneous sources and process them to add some extra value to the events. To
This Blog is Monitored by OSSEC
As part of the second edition of the OSSEC week, I’d like to give some information about my daily usage of OSSEC. This week is an initiative from Michael Starks of Immutable Security and aim to promote OSSEC to the security community. I’m fully supporting such great initiatives. What about
PaloAlto Firewall Threat Monitoring Using OSSEC
Usually, I don’t speak or even try to give references to commercial security products on my blog. Why? Just because, my philosophy is the following: “First analyze the problems and then choose the right solution(s)“. The proposed solution could be commercial or free, hardware or software based, who cares? If
Accessing (Safely?) Nagios on iPhone
I was looking for a Nagios application to install on my iPhone for tests purpose and I was surprised to find more hits than expected. It’s true that Nagios is one of the best (if not THE best) open-source monitoring solutions. There is a huge community of developers and contributors